iPhone Forensics
Reviewed by Robert Pritchett
Author: Jonathan Zdziarski
O'Reilly
Released: September 2008
Pages: 138
$40
ISBN: 9780596153588
Strengths: Shows the underside of the iPhone and how to access it.
Weaknesses: None found. You need to know forensics and feel comfortable with the command line.
Introduction
"This book is a must for anyone attempting to examine the
iPhone. The level of forensic detail is excellent. If only all guides to
forensics were written with this clarity!" - Andrew Sheldon, Director of
Evidence Talks, computer forensics experts
With iPhone use increasing in business networks, IT and security
professionals face a serious challenge: these devices store an enormous amount
of information. If your staff conducts business with an iPhone, you need to
know how to recover, analyze, and securely destroy sensitive data. iPhone
Forensics supplies the knowledge necessary to conduct complete and highly
specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch. This
book helps you:
- Determine what type of data is stored on the device
- Break v1.x and v2.x passcode-protected iPhones to gain access to the device
- Build a custom recovery toolkit for the iPhone
- Interrupt iPhone 3G's "secure wipe" process
- Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition
- Recover deleted voicemail, images, email, and other personal data, using data carving techniques
- Recover geotagged metadata from camera photos
- Discover Google map lookups, typing cache, and other data stored on the live file system
- Extract contact information from the iPhone's database
- Use different recovery strategies based on case needs
And more. iPhone Forensics includes
techniques used by more than 200 law enforcement agencies worldwide and is a
must-have for any corporate compliance and disaster recovery plan.
What I Learned
This is such a cool
book! I had no idea the ways to get "into" an iPhone were so easy.
The book also opened
my eyes to issues of security. Every app on the iPhone has an electronic trail.
In other words, any app can be tracked and cataloged. If you are not paranoid
about your habits, you should be. Your information will be freely available to
"others". This goes much beyond just GPS tracking.
Was this book a quick
read? No. It entailed having to download certain files and deciding whether or
not to "break" my iPhone to run the programs to verify if this worked
as advertised.
Now I have version
3.0 installed on my 3G iPhone. But I still have the old unit I hope to one day
resurrect so I can work with it again.
Because there is a
paucity of literature on the topic, this book really is the best source I've
found so far regarding accessing the part of the iPhone that normally is hidden
from view – unless of course, you break the law and the unit gets used as
evidence. But you would never do
that, right?
Conclusion
There are a lot of
things I don't do on an iPhone. I originally intended to use it as my portable
computer until I discovered it does some things really well, and others not as
well as I'd like. If anybody wants to use my iPhone for evidence against me,
they are going to be sadly disappointed. But now I know how to unlock an iPhone
and rummage through its dusty closet and find those ever-present skeletons.
Just because you think you erased information doesn’t mean it is really gone.
Perhaps the most
interesting thing I heard via the WWDC was the way to remotely locate an iPhone
with 3.0 and then erase everything on it so the information cannot be used against
you. I'll just have to wait until the next versions of unlocking apps come out
to find out if that is really true or not. At least now I know how.